Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 698220

Summary: rpc.svcgssd: Segmentation fault on error
Product: Red Hat Enterprise Linux 6 Reporter: Steve Dickson <steved>
Component: nfs-utilsAssignee: Steve Dickson <steved>
Status: CLOSED ERRATA QA Contact: yanfu,wang <yanwang>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.1CC: eguan, jlayton, mzywusko, steved, syeghiay
Target Milestone: rcKeywords: Regression
Target Release: 6.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nfs-utils-1.2.3-7 Doc Type: Bug Fix
Doc Text:
Previously, an incorrect principal in the NFS client request could have caused the rpc.svcgssd daemon to terminate unexpectedly with a segmentation fault. This was caused by an error in the underlying code. This update adapts the code and rpc.svcgssd no longer crashes.
 Story Points: ---
Clone Of: 697931 Environment:
Last Closed: 2011-05-19 14:19:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 697928, 697931    
Bug Blocks:    
Attachments:
Description Flags
Proposed Patch none

Description Steve Dickson 2011-04-20 13:07:42 UTC 
+++ This bug was initially created as a clone of Bug #697931 +++

+++ This bug was initially created as a clone of Bug #697928 +++

Description of problem:
rpc.svcgssd Segmentation faults on "Wrong principal in request"

Version-Release number of selected component (if applicable):
nfs-utils-1.2.3-5

How reproducible:
All the time.

--- Additional comment from updates on 2011-04-20 08:44:47 EDT ---

nfs-utils-1.2.3-11.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/nfs-utils-1.2.3-11.fc15
Comment 1 Steve Dickson 2011-04-20 13:14:36 UTC 
Created attachment 493488 [details]
Proposed  Patch
Comment 8 yanfu,wang 2011-04-21 10:54:16 UTC 
hi Steve,
Could you tell me how did you trigger the issue?
Comment 9 Steve Dickson 2011-04-23 11:46:17 UTC 
(In reply to comment #8)
> hi Steve,
> Could you tell me how did you trigger the issue?
The way I triggered this to have a F13 client, with a stale
/etc/keytab, do a mount against a f15 server. This cause
rpc.svcgssd to segfault and dump core. Once I figured 
out the problem, I quickly realized the problem was
in f14, f15, and RHEL6. So in the end I never did 
reproduce the problem on RHEL6.

Maybe one way to reproduce this is to create 
a /etc/keytab that does not have an DNS-able 
host name. They try a secure mount to a rhel6
server. If the error "Wrong principal in request"
is logged, you know you have reproduced the problem.
Comment 10 yanfu,wang 2011-04-24 08:04:54 UTC 
(In reply to comment #9)
> (In reply to comment #8)
> > hi Steve,
> > Could you tell me how did you trigger the issue?
> The way I triggered this to have a F13 client, with a stale
> /etc/keytab, do a mount against a f15 server. This cause
> rpc.svcgssd to segfault and dump core. Once I figured 
> out the problem, I quickly realized the problem was
> in f14, f15, and RHEL6. So in the end I never did 
> reproduce the problem on RHEL6.
> 
> Maybe one way to reproduce this is to create 
> a /etc/keytab that does not have an DNS-able 
> host name. They try a secure mount to a rhel6
> server. If the error "Wrong principal in request"
> is logged, you know you have reproduced the problem.

hi Steve,
Sorry, I still can't reproduce the problem.
If I create a /etc/keytab that does not have an DNS-able host name, I will just got Permission denied of mount on client since No credentials created and found caused by the wrong entry in keytab (rpc.gssd[4406]: ERROR: No credentials found for connection to server...), so the client hadn't talked to rpc.svcgssd.

So how do you let /etc/keytab stale? (comment nameserver in /etc/resolv.conf or get nfs/client@REALM credential first then remove the principal in kdc? All I do just got "Permission denied" on nfs client.)

I test on the unpatch package nfs-utils-1.2.3-6.el6 on RHEL6.1:
kdc: dell-pe1855-01.rhts.eng.bos.redhat.com
nfs server: hp-xw6400-02.lab.bos.redhat.com
nfs client: dell-pesc1425-02.rhts.eng.bos.redhat.com

I will be appreciative if you could help me to check more.
Comment 11 Steve Dickson 2011-04-26 14:57:22 UTC 
(In reply to comment #10)
> (In reply to comment #9)
> > (In reply to comment #8)
> > > hi Steve,
> > > Could you tell me how did you trigger the issue?
> > The way I triggered this to have a F13 client, with a stale
> > /etc/keytab, do a mount against a f15 server. This cause
> > rpc.svcgssd to segfault and dump core. Once I figured 
> > out the problem, I quickly realized the problem was
> > in f14, f15, and RHEL6. So in the end I never did 
> > reproduce the problem on RHEL6.
> > 
> > Maybe one way to reproduce this is to create 
> > a /etc/keytab that does not have an DNS-able 
> > host name. They try a secure mount to a rhel6
> > server. If the error "Wrong principal in request"
> > is logged, you know you have reproduced the problem.
> 
> hi Steve,
> Sorry, I still can't reproduce the problem.
> If I create a /etc/keytab that does not have an DNS-able host name, I will just
> got Permission denied of mount on client since No credentials created and found
> caused by the wrong entry in keytab (rpc.gssd[4406]: ERROR: No credentials
> found for connection to server...), so the client hadn't talked to rpc.svcgssd.
> 
> So how do you let /etc/keytab stale? (comment nameserver in /etc/resolv.conf or
> get nfs/client@REALM credential first then remove the principal in kdc? All I
> do just got "Permission denied" on nfs client.)
> 
> I test on the unpatch package nfs-utils-1.2.3-6.el6 on RHEL6.1:
> kdc: dell-pe1855-01.rhts.eng.bos.redhat.com
> nfs server: hp-xw6400-02.lab.bos.redhat.com
> nfs client: dell-pesc1425-02.rhts.eng.bos.redhat.com
> 
> I will be appreciative if you could help me to check more.
Hmm... I wonder if the krb5 libraries are different on F15 
than RHEL6... Like I said I was only able to reproduce the
problem with F15... 

Since the fix is so obvious, simply removing a '%s' from a printf()
statement, it spending time on trying to induce an uncommon error
worth it? Can't you simply review the patch and say yes this bug
is fixed?
Comment 12 yanfu,wang 2011-04-27 02:19:49 UTC 
do code review and verify the patch apply is sane:
...
Patch003: nfs-utils-1.2.3-rpcsvcgssd-segfault.patch

# 698220 - rpc.svcgssd: Segmentation fault on error
%patch003 -p1

%changelog
* Wed Apr 20 2011 Steve Dickson <steved> 1.2.3-7
- Fixed segfault in rpc.svcgssd (bz 698220)

# ls -l SOURCES/nfs-utils-1.2.3-rpcsvcgssd-segfault.patch 
-rw-r--r--. 1 root root 939 Apr 20 13:17 SOURCES/nfs-utils-1.2.3-rpcsvcgssd-segfault.patch
Comment 13 Eva Kopalova 2011-05-12 15:44:52 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, an incorrect principal in the NFS client request could have caused the rpc.svcgssd daemon to terminate unexpectedly with a segmentation fault. This was caused by an error in the underlying code. This update adapts the code and rpc.svcgssd no longer crashes.
Comment 14 errata-xmlrpc 2011-05-19 14:19:06 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0738.html